Hello Dear forum Members,Moderators,Developers and all others!Since it is actual problem(at least for server administrators) any helps,hints,*tricks* will be usefull.Ok,Here is my question:Is here any configuration "directive" for MYSQL 5.5.x something like PHP'smax_execution_time?Problem in that:select benchmark('5000000000000','ksjdfndjnfjfjdfdfjgn fjn gf');

query (2-3 such query can overload server,it will eat CPU time plus RAM) so,server will become to overloaded state ASAP.(BTW,it is more efficient way to DOS servers using 2-3 such queries intead of using Huge BOTNET attack against server)In other words this is a Denial Of Service (aka DOS) against server(In ex: if malicious user imaged to find sql injection vulnerability in some php script)

Problem in that PHP'smax_execution_time is not enought for prevent this "attack"You can ask why?Because query goes to MYSQL Server in this case then PHP script excidees it's maximum execution time but in fact thatmalicious "DOS" query still in use (In MYSQL server)(PHP's max execution time nothing does in this case)And as result your Server will get overloaded(DOS-ed).

You can see that MYSQL query execution still in progress.You can reproduce this simply for yourself.

Dears,my question:

How I can "LIMIT" that SQL STATEMENT execution time(lets say after 30 seconds) In MYSQL Server itself?To be more clear: [My Goal is to stop "natively" that mysql query in MYSQL Server after 30 seconds and prevent MYSQL Server overload](AFAIK theris no such option in my.ini) or what i'm missing?If this is not possible how we can mitigate(prevent) this attack against MYSQL server?

My goal is to monitor mysql server for malicious queries which sits more than 10 seconds + which can cause Denial of Service(In eg: High CPU Load,High Memory Load etc.)(IN eg: select benchmark(500000000005,'!AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'); )I'm a Autoitscript file.(For compile http://autoitscript.com/)You can compile me to standalaone executable (x64 && x86).And you can use me on your server.But always make sure i'm not world readable or writeable plus is not spoofable by users.Finally i'm For Windows OS.No need to add me to task scheduler just Add me to Autostart i will loop every 12 seconds and monitor mysql server formalicious SQL statements (assuming Denial of Service) and i will kill it for you.

$makeautostart is for autostart of application when user logs in.Possible values:0 Do not start application when user logs in to system.(You need o start mysqlwatcher manually)1 Means start application when user logs in.(Automatically)

*FOR HIGH SECURITY(i know it is illusion) (IT IS RECOMENDED) TO INSTALL YOUR MYSQL SERVER ON ANOTHER BOX.* WHICH WILL PREVENT STEALING OF YOUR APPLICATION(i assume will prevent from Reverce code Engineering-because mysqlwatcher contains MYSQL server root password!)Here is how i'm doing it:

$killifexceeds=10; seconds (If query sits on MYSQL server more than 10 (ten seconds) killing it //default value=10 seconds$sleepinloop=12; seconds //This is a main loop sleep time.DO not specify it to 0 (zero).Otherwise you can get HIGH CPU LOAD!!!! //defaut value=12 seconds